package controller;

import java.io.IOException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.LinkedList;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import model.User;
import model.UserGroup;

import core.CurrentUser;
import core.PgSQL;
import core.Tool;
import core.View;

public class EditUser extends HttpServlet {
	private static final long serialVersionUID = 1L;
	private static PgSQL db = PgSQL.getInstance();

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		int uid = Tool.intval(request.getParameter("uid"));
		if(uid <= 0){
			response.sendRedirect("ChangeProfile");
			return;
		}
		
		CurrentUser user = new CurrentUser(request);
		if(!user.getGroup().isAdministrator()){
			View.showMessage(request, response, "Permission Denied.", "Index");
			return;
		}
		
		User u = null;
		ResultSet rs = db.query("SELECT * FROM qz_user WHERE uid=" + uid);
		try{
			if(rs != null && rs.next()){
				u = User.fromDatabase(rs);
				request.setAttribute("edit_user", u);
			}else{
				View.showMessage(request, response, "User does not exist.", "back");
				return;
			}
		}catch(SQLException e){
			e.printStackTrace();
			View.alertSystemCrash(request, response);
			return;
		}
		
		LinkedList<UserGroup> groups = new LinkedList<UserGroup>();
		rs = db.query("SELECT * FROM qz_usergroup ORDER BY groupid");
		try{
			while(rs.next()){
				groups.add(UserGroup.fromDatabase(rs));
			}
			request.setAttribute("usergroup[]", groups.toArray(new UserGroup[0]));
		}catch(SQLException e){
			e.printStackTrace();
			View.alertSystemCrash(request, response);
		}

		View.show(request, response, "edit_user");
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		int uid = Tool.intval(request.getParameter("uid"));
		if(uid <= 0){
			response.sendRedirect("ChangeProfile");
			return;
		}
		
		CurrentUser user = new CurrentUser(request);
		if(!user.getGroup().isAdministrator()){
			View.showMessage(request, response, "Permission Denied.", "Index");
			return;
		}
		
		ResultSet rs = db.query("SELECT permission FROM qz_user u LEFT JOIN qz_usergroup g ON g.groupid=u.groupid WHERE u.uid=" + uid);
		try{
			if(rs.next()){
				UserGroup g = new UserGroup();
				g.setPermission(rs.getInt(1));
				if(g.isAdministrator()){
					View.showMessage(request, response, "The user is an administrator and is not to be modified.", "back");
					return;
				}
				
			}else{
				View.showMessage(request, response, "The specified user does not exist.", "back");
				return;
			}
		}catch(SQLException e){
			e.printStackTrace();
			View.showMessage(request, response, "Server crashed.", null);
			return;
		}
			
		int groupid = Tool.intval(request.getParameter("groupid"));
		String username = Tool.htmlspecialchars(request.getParameter("username"));
		String password = request.getParameter("password");
		
		PreparedStatement ps = db.prepareStatement("UPDATE qz_user SET groupid=?,username=?,password=? WHERE uid=?");
		try{
			ps.setInt(1, groupid);
			ps.setString(2, username);
			ps.setString(3, password);
			ps.setInt(4, uid);
			ps.executeUpdate();
			
			View.showMessage(request, response, "The user has been updated.", "refresh");
		}catch(SQLException e){
			e.printStackTrace();
			View.alertSystemCrash(request, response);
		}
	}

}
